Signing happens at the end of the build now, even with in-build signing. The staging pipeline pushes the nupkgs. This step is not necessary, and pushes unsigned nupkgs.
* Switch repo to use native AzDO container support
This is a major refactor of the YAML used by the installer repo. The goal is to utilize the native container support that AzDO provides, rather than building containers on the fly and issuing commands using custom infrastructure. To do this, the YAML requires a bit of a refactor. The matrix strategy approach used by the repo to build a ton of different OS's does not work with containers, because a matrix strategy only changes the variables available to each build command. It cannot change the AzDO host environment. In order to resolve this, I refactored build.yml to take and use optional container names. In the process of doing this, I discovered a number of other things about the old YAML that just happened to 'accidentally' work and fixed them or did general cleanup. Including:
- This construct, used in build.yml, does not work as you might expect. If the parameter is not declared as a boolean (or not declared at all), this evaluates to "does this parameter exist", not "is it true":
```
${{ if parameters.pgoInstrument }}:
```
- I fully specified all the parameters and their types to avoid issues in the future.
- Build pool selection was moved to build.yml
- Removed some unused parameters.
- There was a **very** subtle indentation change here: 762d2966ee/.vsts-ci.yml (L275-L281). This meant that this leg ran in both PR and official builds. I have no idea whether this was the intention or not, but I kept it this way and reorganized the file.
**One change of note:** One of the upsides of the original matrix based approach is that job dependencies are simple. The jobs generated by the matrix are referred to in `dependsOn` lists only by the original job that contains the matrix. That keeps the dependsOn list small even if the number of jobs generated is large. Installer has a large set of independently addressable jobs now. Normally, we would solve this by using the arcade jobs template. The jobs template takes a set of jobs and automatically adds dependsOn for the publishing jobs. BUT, AzDO does not allow templates to be passed as parameters to other templates. This would mean that you couldn't use the build.yml template in conjunction with the jobs template and would have to list all the installer jobs as dependencies. This list would be hard to keep up to date. To avoid this, I used a new feature of publishing (`publishAssetsImmediately`) which uses the Publish To Build Asset Registry job to do the actual publishing call, and put it in a separate phase, then eliminated the post-build.yml call. This means that the publishing stage depends on all jobs in the build stage, and does not need to address them individually. Eliminating the post-build.yml stage may seem odd, but this is what actually happens when `publishAssetsImmediately` is set to true anyway.
- Cherry pick the internal runtime download changes over
- Cherry pick changes to the arcade SB template over (making the next update a noop and unblocking P7+)
- Hoist out the variable groups and parameters needed for the internal download to the top level yaml file.
- Remove the old DownloadFile task and replace this with the Arcade version. Specifically this allows us to remove
set/use of the DOTNETCLIMSRC_READ_SAS_TOKEN environment variable and instead rely on that task's ability to decode and
use a base64 encoded SAS token. The reason for the environment variable usage before was that the
non-encoded SAS token was getting mangled by msbuild/bash/etc. on non-Windows OSs.
- Update the source build tarball template with support for internal runtimes
Update to source build template
- The stage has been subsumed by the aka.ms functionality and now can be removed.
- Clean up dead properties and functionality no longer needed because of it.
- Removing publishing of nupkg files as blobs. This used to be useful before because we often needed to get at the nupkgs in a flat, easy to copy format for pushing to the VS feed. But now the staging pipeline takes care of this, and moreover the use of post-build signing means that these files are not useful straight out of the build anyway. This should reduce publishing time and some post-build signing time.
Remove nupkg install in publishing.props
The build produces warnings about using the old task:
```
##[warning]Task 'PublishTestResults' (1.0.45) is using deprecated task execution handler. The task should use the supported task-lib: https://aka.ms/tasklib
```
* Remoe unneeded parameters from build
Removes a bunch of old unused parameters and adds _AdditionalParameters to the whole matrix so AzDO doesn't throw out noisy warnings
* Do not run tests in official builds and cleanup build infra a bit
- Do not run the tests in official builds (build time improvement)
- Remove setbuildinfo.* and make parameters explicit.
- Remove a bunch of unused parameters
* Download core-setup files from MSRC storage
Add support for downloading core-setup files from an authenticated endpoint
* Update GenerateLayout.targets
* Adding changes to pass SAS token around
* Add credential provider to Dockerfile's
* Update after PR feedback
* Add comments about approach
* Copy NuGet config variables
